690950a4291ec40bf5ad1146266443c0026077c16be3f65f0f035b0160dcd9d7

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:28

Target

15e88a397e92bb10dc0d4b9e11d69dbe.exe
Size

105KB
MD5

15e88a397e92bb10dc0d4b9e11d69dbe
SHA1

91209970b2850000aa0153c7520cc6802f4c3992
SHA256

690950a4291ec40bf5ad1146266443c0026077c16be3f65f0f035b0160dcd9d7
SHA512

7fac87d138482231293a57a31d8277323a77116db092bc154fe83a67f2f83af206e71fd37fad32aaa6d2c3c116df522c021363aedeb1a36b172edd3a9d82a85a
SSDEEP

3072:K5btp2GC1TeXwriaxprNdUUb4VvV1iZdyFtxwwyyHoQ6:K5btpG1TswflHLb4VvqZd0xw/yH/6

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2160	1756	WerFault.exe	24

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2160	1756	15e88a397e92bb10dc0d4b9e11d69dbe.exe	28
PID 1756 wrote to memory of 2160	1756	15e88a397e92bb10dc0d4b9e11d69dbe.exe	28
PID 1756 wrote to memory of 2160	1756	15e88a397e92bb10dc0d4b9e11d69dbe.exe	28
PID 1756 wrote to memory of 2160	1756	15e88a397e92bb10dc0d4b9e11d69dbe.exe	28

C:\Users\Admin\AppData\Local\Temp\15e88a397e92bb10dc0d4b9e11d69dbe.exe
"C:\Users\Admin\AppData\Local\Temp\15e88a397e92bb10dc0d4b9e11d69dbe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 36
  2⤵
  - Program crash
  PID:2160

memory/1756-0-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/1756-1-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download